[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b45b729e by Moritz Muehlenhoff at 2018-08-29T09:09:51Z
NFUs
chromium n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -343,9 +343,9 @@ CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?dat
 CVE-2018-15898
 	RESERVED
 CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because ...)
 	NOT-FOR-US: iCMS
 CVE-2018-15894 (A SQL injection was discovered in ...)
@@ -384,11 +384,11 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
 CVE-2018-15883
 	RESERVED
 CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2018-15879
 	RESERVED
 CVE-2018-15878
@@ -415,7 +415,7 @@ CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 route
 CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers ...)
 	NOT-FOR-US: D-Link
 CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid ...)
-	TODO: check
+	NOT-FOR-US: Sentrifugo
 CVE-2018-15872
 	RESERVED
 CVE-2018-15871 (An invalid memory address dereference was discovered in ...)
@@ -1044,7 +1044,7 @@ CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, expos
 CVE-2018-15597
 	RESERVED
 CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
 	- cobbler <removed>
 CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
@@ -1290,7 +1290,7 @@ CVE-2018-15531
 CVE-2018-15530
 	RESERVED
 CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny ...)
-	TODO: check
+	NOT-FOR-US: Mutiny appliance
 CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
 	NOT-FOR-US: Java System Solutions SSO plugin
 CVE-2018-15527
@@ -2148,7 +2148,7 @@ CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Cont
 CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 ...)
 	NOT-FOR-US: Telerik
 CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. ...)
-	TODO: check
+	NOT-FOR-US: Auth0 auth0-aspnet
 CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other ...)
 	- pango1.0 1.42.4-1 (low)
 	[stretch] - pango1.0 <not-affected> (Vulnerable code not present)
@@ -3457,7 +3457,7 @@ CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x befor
 CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
 	NOT-FOR-US: TightRope Media Carousel Digital Signage
 CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported data ...)
-	TODO: check
+	NOT-FOR-US: conference-scheduler-cli
 CVE-2018-14571
 	RESERVED
 CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php ...)
@@ -24353,7 +24353,7 @@ CVE-2018-6645
 CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
 	- sblim-sfcb <itp> (bug #754493)
 CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NetMRI
 CVE-2018-6642
 	RESERVED
 CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...)
@@ -32230,7 +32230,7 @@ CVE-2018-3928
 CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -32250,7 +32250,7 @@ CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Sams
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-3915
 	RESERVED
 CVE-2018-3914
@@ -48940,7 +48940,7 @@ CVE-2017-15432
 CVE-2017-15431
 	RESERVED
 CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 ...)
-	TODO: check
+	- chromium-browser <not-affected> (Plugin specific to Chrome)
 CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Google ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b45b729eb2cec6a231257555073e1d9786a50440

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b45b729eb2cec6a231257555073e1d9786a50440
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180829/0db977f7/attachment-0001.html>