[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jul 4 21:15:28 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
689eaf54 by Moritz Muehlenhoff at 2018-07-04T22:15:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,11 +15,11 @@ CVE-2018-13148
 CVE-2018-13147
 	RESERVED
 CVE-2018-13146 (The mintToken, buy, and sell functions of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13145 (The mintToken function of a smart contract implementation for ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13144 (The transfer and transferFrom functions of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13143
 	RESERVED
 CVE-2018-13142
@@ -35,13 +35,13 @@ CVE-2018-13138
 CVE-2018-13137
 	RESERVED
 CVE-2018-13136 (The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-13135
 	RESERVED
 CVE-2018-13134 (TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-13133 (Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated ...)
-	TODO: check
+	NOT-FOR-US: Golden Frog VyprVPN
 CVE-2015-9260
 	RESERVED
 CVE-2018-13132 (Spadeico is a smart contract running on Ethereum. The mint function has ...)
@@ -67,7 +67,7 @@ CVE-2018-13123 (onefilecms.php in OneFileCMS through 2017-10-08 might allow atta
 CVE-2018-13122 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers ...)
 	NOT-FOR-US: OneFileCMS
 CVE-2018-13121 (RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: RealOne Player
 CVE-2018-13120
 	RESERVED
 CVE-2018-13119
@@ -2409,7 +2409,7 @@ CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The
 CVE-2018-12256
 	RESERVED
 CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF ...)
-	TODO: check
+	NOT-FOR-US: InvoicePlane
 CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for ...)
 	NOT-FOR-US: Harmis Ek rishta component for Joomla!
 CVE-2018-12253
@@ -3917,25 +3917,25 @@ CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the st
 CVE-2018-11644
 	RESERVED
 CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11642 (Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11641 (Use of Hard-coded Credentials in ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11640 (XML External Entity (XXE) vulnerability in the web service in Dialogic ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11639 (Plaintext Storage of Passwords within Cookies in ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11638 (Unrestricted Upload of a File with a Dangerous Type in the ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11637 (Information leakage vulnerability in the administrative console in ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11636 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11635 (Use of a Hard-coded Cryptographic Key used to protect cookie session ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11634 (Plaintext Storage of Passwords in the administrative console in ...)
-	TODO: check
+	NOT-FOR-US: Dialogic
 CVE-2018-11633 (An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods ...)
 	NOT-FOR-US: MULTIDOTS Woo Checkout for Digital Goods plugin for WordPress
 CVE-2018-11632 (An issue was discovered in the MULTIDOTS Add Social Share Messenger ...)
@@ -4441,7 +4441,7 @@ CVE-2018-11431
 CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. ...)
 	NOT-FOR-US: Moderator Log Notes plugin for MyBB
 CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint function ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-11428
 	RESERVED
 CVE-2018-11427



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/689eaf5478427469c6a88ed031050c8ef83d25da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/689eaf5478427469c6a88ed031050c8ef83d25da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180704/d54a55b7/attachment.html>

More information about the debian-security-tracker-commits mailing list