Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cf484254 by Salvatore Bonaccorso at 2018-03-25T11:29:02+02:00 Add CVE-2018-876{3,4}/ldap-account-manager - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -581,10 +581,18 @@ CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbi NOT-FOR-US: joyplus-cms CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...) NOT-FOR-US: 2345 Security Guard -CVE-2018-8764 - RESERVED -CVE-2018-8763 - RESERVED +CVE-2018-8764 [CSRF token in URL] + RESERVED + - ldap-account-manager <unfixed> + NOTE: https://www.ldap-account-manager.org/lamcms/node/354 + NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688 +CVE-2018-8763 [XSS vulnerabilities] + RESERVED + - ldap-account-manager <unfixed> + NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302 + NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c + NOTE: https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a + NOTE: https://www.ldap-account-manager.org/lamcms/node/354 CVE-2018-8762 RESERVED CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits