[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Dec 31 08:18:00 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef437fd5 by Salvatore Bonaccorso at 2018-12-31T08:17:29Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: CIM
 CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
-	TODO: check
+	NOT-FOR-US: TEMMOKU
 CVE-2018-20612 (UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. ...)
-	TODO: check
+	NOT-FOR-US: UWA
 CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php efile ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via the ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20606 (imcat 4.4 allows full path disclosure via a ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP code by ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via ...)
-	TODO: check
+	NOT-FOR-US: Lei Feng TV CMS
 CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html ...)
-	TODO: check
+	NOT-FOR-US: Lei Feng TV CMS
 CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the ...)
-	TODO: check
+	NOT-FOR-US: Lei Feng TV CMS
 CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an index.php ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php ...)
-	TODO: check
+	NOT-FOR-US: UCMS
 CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...)
 	NOT-FOR-US: Jspxcms
 CVE-2018-20595 (A CSRF issue was discovered in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef437fd52d78ec02b2eaa193790be6d1648251c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef437fd52d78ec02b2eaa193790be6d1648251c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181231/7789548c/attachment.html>


More information about the debian-security-tracker-commits mailing list