[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jul 6 09:17:23 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90d76901 by Moritz Muehlenhoff at 2018-07-06T10:16:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41,9 +41,9 @@ CVE-2018-13342
 CVE-2018-13341
 	RESERVED
 CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
-	TODO: check
+	NOT-FOR-US: Gleez CMS
 CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
-	TODO: check
+	NOT-FOR-US: Imperavi Redactor
 CVE-2018-13338
 	RESERVED
 CVE-2018-13337
@@ -657,7 +657,7 @@ CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in t
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
 CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager
 CVE-2018-13051
 	RESERVED
 CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine Applications ...)
@@ -712,7 +712,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distri
 CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser ...)
 	NOT-FOR-US: ECESSA ShieldLink
 CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an ...)
-	TODO: check
+	NOT-FOR-US: DamiCMS
 CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman ...)
 	NOT-FOR-US: jpeg-compressor
 CVE-2018-13029
@@ -1378,7 +1378,7 @@ CVE-2018-12741
 CVE-2018-12740
 	RESERVED
 CVE-2018-12739 (In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a ...)
-	TODO: check
+	NOT-FOR-US: BEESCMS
 CVE-2018-12738
 	RESERVED
 CVE-2018-12737
@@ -1937,7 +1937,7 @@ CVE-2018-12573
 CVE-2018-12572
 	RESERVED
 CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-12570
 	RESERVED
 CVE-2018-12569
@@ -3156,7 +3156,7 @@ CVE-2018-12115
 CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user ...)
 	NOT-FOR-US: Maccms
 CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow ...)
-	TODO: check
+	NOT-FOR-US: Core FTP LE
 CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to ...)
 	NOT-FOR-US: md4c
 CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI ...)
@@ -3178,7 +3178,7 @@ CVE-2018-12105
 CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 ...)
 	NOT-FOR-US: Airbnb Knowledge Repo
 CVE-2018-12103 (An issue was discovered on D-Link DIR-890L A2 devices. Due to the ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
 	NOT-FOR-US: md4c
 CVE-2018-12101
@@ -6050,9 +6050,9 @@ CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices,
 CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are ...)
 	NOT-FOR-US: Arris Touchstone Telephony Gateway
 CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware update ...)
-	TODO: check
+	NOT-FOR-US: Diqee
 CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. The ...)
-	TODO: check
+	NOT-FOR-US: Diqee
 CVE-2018-10986
 	RESERVED
 CVE-2018-10985
@@ -8564,9 +8564,9 @@ CVE-2018-10019
 CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue with user ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2018-9998 (Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
@@ -11803,7 +11803,7 @@ CVE-2016-10716 (The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira h
 CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira ...)
 	NOT-FOR-US: Atlassian Jira plugin
 CVE-2018-8738 (Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. ...)
-	TODO: check
+	NOT-FOR-US: Airties
 CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored XSS within ...)
 	NOT-FOR-US: Bookme Control Panel Application
 CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x ...)
@@ -13353,7 +13353,7 @@ CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML ..
 CVE-2018-8047
 	RESERVED
 CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before ...)
-	TODO: check
+	NOT-FOR-US: Sencha
 CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
 	NOT-FOR-US: Joomla
 CVE-2018-8044



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90d7690176b788fd9412657aea62dd3b6b1e9dd4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90d7690176b788fd9412657aea62dd3b6b1e9dd4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180706/67d7f96b/attachment.html>

More information about the debian-security-tracker-commits mailing list