Add four more CVEs courtesy of the new GHSA sync script

Author: reedloden

gems/chloride/CVE-2018-6517.yml

@@ -0,0 +1,17 @@
+---
+gem: chloride
+cve: 2018-6517
+url: https://puppet.com/security/cve/CVE-2018-6517
+date: 2019-03-08
+title: Improper handling of ssh known_hosts file with Chloride
+
+description: |
+  Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints
+  for previously unknown hosts getting added to the user's known_hosts file without
+  confirmation. In version 0.3.0 this is updated so that the user's known_hosts file
+  is not updated by chloride.
+
+cvss_v3: 5.0
+
+patched_versions:
+  - ">= 0.3.0"

gems/fat_free_crm/CVE-2018-1000842.yml

@@ -0,0 +1,23 @@
+---
+gem: fat_free_crm
+cve: 2018-1000842
+url: https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29
+date: 2018-10-27
+title: fat_free_crm gem XSS vulnerability via query parameter
+description: |
+  FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0
+  <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit
+  6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution.
+  This attack appear to be exploitable via Content with Javascript payload will be
+  executed on end user browsers when they visit the page. This vulnerability appears
+  to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.
+
+cvss_v3: 6.1
+cvss_v2: 4.3
+
+patched_versions:
+  - ">= 0.18.1"
+  - ~> 0.17.3
+  - ~> 0.16.4
+  - ~> 0.15.2
+  - ~> 0.14.2

gems/radiant/CVE-2018-7261.yml

@@ -0,0 +1,13 @@
+---
+gem: radiant
+cve: 2018-7261
+url: https://github.com/radiant/radiant/issues/412
+date: 2018-02-19
+title: Multiple persistent XSS vulnerabilities in Radiant CMS
+description: |
+  There are multiple Persistent XSS vulnerabilities in Radiant CMS.
+  They affect Personal Preferences (Name and Username) and Configuration (Site Title,
+  Dev Site Domain, Page Parts, and Page Fields).
+
+cvss_v3: 5.4
+cvss_v2: 3.5

gems/smart_proxy_dynflow/CVE-2018-14643.yml

@@ -0,0 +1,18 @@
+---
+gem: smart_proxy_dynflow
+cve: 2018-14643
+url: https://github.com/theforeman/smart_proxy_dynflow/pull/54
+date: 2018-09-14
+title: smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature
+description: |
+  An authentication bypass flaw was found in the smart_proxy_dynflow component
+  used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary
+  commands on machines managed by vulnerable Foreman instances, in a highly privileged
+  context.
+
+cvss_v3: 9.8
+cvss_v2: 10.0
+
+patched_versions:
+  - ~> 0.1.11
+  - ">= 0.2.1"