Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf484254 by Salvatore Bonaccorso at 2018-03-25T11:29:02+02:00
Add CVE-2018-876{3,4}/ldap-account-manager
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -581,10 +581,18 @@ CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code
Execution because of an Arbi
NOT-FOR-US: joyplus-cms
CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file
(2345NetFirewall.sys) ...)
NOT-FOR-US: 2345 Security Guard
-CVE-2018-8764
- RESERVED
-CVE-2018-8763
- RESERVED
+CVE-2018-8764 [CSRF token in URL]
+ RESERVED
+ - ldap-account-manager <unfixed>
+ NOTE: https://www.ldap-account-manager.org/lamcms/node/354
+ NOTE:
https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
+CVE-2018-8763 [XSS vulnerabilities]
+ RESERVED
+ - ldap-account-manager <unfixed>
+ NOTE:
https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
+ NOTE:
https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
+ NOTE:
https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
+ NOTE: https://www.ldap-account-manager.org/lamcms/node/354
CVE-2018-8762
RESERVED
CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
