[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Dec 21 16:11:47 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dbf1bc0 by Moritz Muehlenhoff at 2018-12-21T16:11:20Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232,9 +232,9 @@ CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01
 CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal ...)
 	NOT-FOR-US: Go Git Service
 CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the ...)
-	TODO: check
+	NOT-FOR-US: Steve Pallen Xain
 CVE-2018-20301 (An issue was discovered in Steve Pallen Coherence before 0.5.2 that is ...)
-	TODO: check
+	NOT-FOR-US: Steve Pallen Coherence
 CVE-2018-20300 (Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code ...)
 	NOT-FOR-US: Empire CMS
 CVE-2018-20299 (An issue was discovered in several Bosch Smart Home cameras (360 degree ...)
@@ -7762,11 +7762,11 @@ CVE-2018-19600
 CVE-2018-19599
 	RESERVED
 CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users ...)
-	TODO: check
+	NOT-FOR-US: Statamic
 CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2018-19596 (Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the ...)
-	TODO: check
+	NOT-FOR-US: Zurmo
 CVE-2018-19595 (PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute ...)
 	NOT-FOR-US: PbootCMS
 CVE-2018-19594
@@ -8603,11 +8603,11 @@ CVE-2018-19510
 CVE-2018-19509
 	RESERVED
 CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ...)
-	TODO: check
+	NOT-FOR-US: CMSimple 
 CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ...)
-	TODO: check
+	NOT-FOR-US: CMSimple 
 CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the ...)
-	TODO: check
+	NOT-FOR-US: Zurmo
 CVE-2018-19505
 	RESERVED
 CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
@@ -9597,13 +9597,13 @@ CVE-2018-19244 (An XML External Entity (XXE) vulnerability exists in the Charles
 CVE-2018-19243
 	RESERVED
 CVE-2018-19242 (Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2018-19241 (Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2018-19240 (Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2018-19239 (TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2018-19238
 	RESERVED
 CVE-2018-19237
@@ -9613,9 +9613,9 @@ CVE-2018-19236
 CVE-2018-19235
 	RESERVED
 CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise ...)
-	TODO: check
+	NOT-FOR-US: Miss Marple Enterprise
 CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Miss Marple Enterprise
 CVE-2018-19232
 	RESERVED
 CVE-2018-19231
@@ -10491,7 +10491,7 @@ CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
 CVE-2018-18872
 	RESERVED
 CVE-2018-18871 (Missing password verification in the web interface on Gigaset Maxwell ...)
-	TODO: check
+	NOT-FOR-US: Gigaset
 CVE-2018-18870
 	RESERVED
 CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary ...)
@@ -10633,7 +10633,7 @@ CVE-2018-18812
 CVE-2018-18811
 	RESERVED
 CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s TIBCO ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2018-18809
 	RESERVED
 CVE-2018-18808
@@ -10733,7 +10733,7 @@ CVE-2018-18769
 CVE-2018-18768
 	RESERVED
 CVE-2018-18767 (An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-18766
 	RESERVED
 CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dbf1bc0fe61c4d8c5636370b5f1b47beff79014

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dbf1bc0fe61c4d8c5636370b5f1b47beff79014
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181221/d1081304/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list