[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Nov 16 20:18:41 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27695474 by Salvatore Bonaccorso at 2018-11-16T20:18:07Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to ...)
-	TODO: check
+	NOT-FOR-US: SRCMS
 CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to ...)
-	TODO: check
+	NOT-FOR-US: SRCMS
 CVE-2018-19317
 	RESERVED
 CVE-2018-19316
@@ -13,9 +13,9 @@ CVE-2018-19314
 CVE-2018-19313
 	RESERVED
 CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter to the ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2018-19310
 	RESERVED
 CVE-2018-19309
@@ -1490,33 +1490,33 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
 	NOTE: Squid in Debian builds without TLS support
 CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the ...)
-	TODO: check
+	NOT-FOR-US: School Equipment Monitoring System
 CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
-	TODO: check
+	NOT-FOR-US: PointOfSales
 CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
-	TODO: check
+	NOT-FOR-US: Bakeshop Inventory System
 CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login ...)
-	TODO: check
+	NOT-FOR-US: Curriculum Evaluation System
 CVE-2018-18802
 	RESERVED
 CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via ...)
-	TODO: check
+	NOT-FOR-US: BSEN Ordering software
 CVE-2018-18800
 	RESERVED
 CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via ...)
-	TODO: check
+	NOT-FOR-US: School Attendance Monitoring System
 CVE-2018-18798
 	RESERVED
 CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via ...)
-	TODO: check
+	NOT-FOR-US: School Attendance Monitoring System
 CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the "Search for ...)
-	TODO: check
+	NOT-FOR-US: Library Management System
 CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: School Event Management System
 CVE-2018-18794 (School Event Management System 1.0 allows CSRF via ...)
-	TODO: check
+	NOT-FOR-US: School Event Management System
 CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File Upload via ...)
-	TODO: check
+	NOT-FOR-US: School Event Management System
 CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
 	NOT-FOR-US: zzcms
 CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
@@ -1583,15 +1583,15 @@ CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the
 	[jessie] - smplayer <not-affected> (Vulnerable code not present)
 	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
 CVE-2018-18763 (SaltOS 3.1 r8126 allows ...)
-	TODO: check
+	NOT-FOR-US: SaltOS
 CVE-2018-18762
 	RESERVED
 CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL ...)
-	TODO: check
+	NOT-FOR-US: SaltOS
 CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: RhinOS
 CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
-	TODO: check
+	NOT-FOR-US: Modbus Slave
 CVE-2018-18758
 	RESERVED
 CVE-2018-18757



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2769547420bff7bdb3d7251c3277276a4927fc30

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2769547420bff7bdb3d7251c3277276a4927fc30
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181116/62650ca4/attachment.html>

More information about the debian-security-tracker-commits mailing list