[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFU
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 19 11:01:20 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8820e02 by Salvatore Bonaccorso at 2018-12-19T11:00:39Z
Process NFU
- - - - -
ef49586b by Salvatore Bonaccorso at 2018-12-19T11:00:59Z
Add icingaweb2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2018-20203
CVE-2018-20202
RESERVED
CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString ...)
- TODO: check
+ NOT-FOR-US: Espruino 2V00
CVE-2018-20200
RESERVED
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of ...)
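Review bot: The new tag on CVE-2018-20201, "NOT-FOR-US: Espruino 2V00", carries a version string, while every other NOT-FOR-US line in this change names only the product (Artica Integria IMS, DriverAgent, PHP Server Monitor). Suggest "NOT-FOR-US: Espruino" so the tag stays consistent with the rest of the list and does not tie the triage decision to one release.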
@@ -4693,7 +4693,7 @@ CVE-2018-19831
CVE-2018-19830
RESERVED
CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in ...)
- TODO: check
+ NOT-FOR-US: Artica Integria IMS
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the ...)
@@ -8103,7 +8103,7 @@ CVE-2018-19524
CVE-2018-19523
RESERVED
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
- TODO: check
+ NOT-FOR-US: DriverAgent
CVE-2018-19521
RESERVED
CVE-2018-19520 (An issue was discovered in SDCMS 1.6 with PHP 5.x. ...)
@@ -9915,7 +9915,7 @@ CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete ...)
- TODO: check
+ NOT-FOR-US: PHP Server Monitor
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
- python3-py-evm <itp> (bug #884796)
CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment ...)
@@ -11760,15 +11760,20 @@ CVE-2019-0002
CVE-2019-0001
RESERVED
CVE-2018-18250 (Icinga Web 2 before 2.6.2 allows parameters that break navigation ...)
- TODO: check
+ - icingaweb2 2.6.2-1
+ NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18249 (Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives ...)
- TODO: check
+ - icingaweb2 2.6.2-1
+ NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18248 (Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir ...)
- TODO: check
+ - icingaweb2 2.6.2-1
+ NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt
CVE-2018-18247 (Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add ...)
- TODO: check
+ - icingaweb2 2.6.2-1
+ NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt
CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF via ...)
- TODO: check
+ - icingaweb2 2.6.2-1
+ NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugin ...)
TODO: check
CVE-2018-18244
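Review bot: On CVE-2018-18248 the entry records "- icingaweb2 2.6.2-1" as fixed, but its visible description reads "Icinga Web 2 has XSS via ..." without the "before 2.6.2" bound that the other four Icinga Web 2 entries carry; please confirm against the linked usd20180028 advisory that 2.6.2 actually contains the fix before marking it resolved at that version. Separately, CVE-2018-18250 and CVE-2018-18249 both point to usd20180030.txt while the other three entries each reference a distinct advisory, so it is worth checking that the second NOTE is not a copy of the first.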
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1ec4fcae8cc4af98f1d86251aeaeb85eb910bb43...ef49586b9e3472cc30a2bc388d218bdfafe2aeff