[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 10 09:24:44 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf78bf81 by Salvatore Bonaccorso at 2018-10-10T08:24:25Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2018-18203
RESERVED
CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-18201 (qibosoft V7.0 allows CSRF via ...)
TODO: check
CVE-2018-18200 (There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php in ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] ...)
TODO: check
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
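Review bot: the NOT-FOR-US note added for CVE-2018-18202 names only a vendor ("IBM"), while the visible part of the description names QLogic 4Gb Fibre Channel and 4/8Gb SAN firmware. A note that names the affected product, the way the existing entry "NOT-FOR-US: DASAN H660GW device" does, would make the entry easier to find when searching the list. It would also show why IBM rather than QLogic is recorded.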
@@ -23,7 +23,7 @@ CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[]
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer ...)
TODO: check
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: FineCms
CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...)
TODO: check
CVE-2018-18189
@@ -233,7 +233,7 @@ CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red"
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
TODO: check
CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: EmpireCMS
CVE-2018-18085
RESERVED
CVE-2018-18084 (An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ...)
@@ -767,7 +767,7 @@ CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding ...)
CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows remote ...)
NOT-FOR-US: DASAN H660GW device
CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
CVE-2018-17865
RESERVED
CVE-2018-17864
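Review bot: the note for CVE-2018-17866 uses a quoted display name followed by "plugin for WordPress", whereas the existing entry for CVE-2015-9271 in this file uses the form "WordPress plugin videowhisper-video-conference-integration". Using one form for WordPress plugins, for example "WordPress plugin" followed by the plugin name, would keep the NOT-FOR-US notes consistent and easy to grep.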
@@ -781,15 +781,15 @@ CVE-2018-17861
CVE-2018-17860
RESERVED
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer actions ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-17857 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks on ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-17856 (An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-17855 (An issue was discovered in Joomla! before 3.8.13. If an attacker gets ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2015-9271 (The VideoWhisper videowhisper-video-conference-integration plugin ...)
NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf78bf81c61a933ba1787635b0713ccc65615338