[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 4 22:19:30 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0030e1d8 by Salvatore Bonaccorso at 2018-01-04T23:18:05+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,11 +11,11 @@ CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the ...)
 CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title ...)
 	NOT-FOR-US: Fork CMS
 CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via ...)
-	TODO: check
+	NOT-FOR-US: "Add Link to Facebook" plugin for WordPress
 CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5211
 	RESERVED
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
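Review bot: the new NOT-FOR-US line for CVE-2018-5214 wraps the product name in double quotes, while the other NOT-FOR-US lines in this hunk (Fork CMS, Simple Download Monitor plugin for WordPress) give the name unquoted. Consider writing it as `NOT-FOR-US: Add Link to Facebook plugin for WordPress` so product names stay uniform for anyone searching the list by product. The quotes appear to be carried over from the CVE description on the line above.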
@@ -726,7 +726,7 @@ CVE-2017-1000497 (Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in 
 CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration ...)
 	TODO: check
 CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site ...)
-	TODO: check
+	NOT-FOR-US: QuickApps CMS
 CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...)
 	TODO: check
 CVE-2017-1000490 (Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any ...)
@@ -752,7 +752,7 @@ CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
 	TODO: check
 CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
 	TODO: check
 CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0030e1d86fa5e2d55065cf9af9b6c539f58802df
