[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 31 08:18:00 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef437fd5 by Salvatore Bonaccorso at 2018-12-31T08:17:29Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: CIM
CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
- TODO: check
+ NOT-FOR-US: TEMMOKU
CVE-2018-20612 (UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. ...)
- TODO: check
+ NOT-FOR-US: UWA
CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php efile ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via the ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20606 (imcat 4.4 allows full path disclosure via a ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP code by ...)
- TODO: check
+ NOT-FOR-US: imcat
CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via ...)
- TODO: check
+ NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html ...)
- TODO: check
+ NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the ...)
- TODO: check
+ NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an index.php ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...)
NOT-FOR-US: Jspxcms
CVE-2018-20595 (A CSRF issue was discovered in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef437fd52d78ec02b2eaa193790be6d1648251c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef437fd52d78ec02b2eaa193790be6d1648251c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181231/7789548c/attachment.html>
More information about the debian-security-tracker-commits
mailing list