[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Oct 20 09:54:24 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
172dabaf by Salvatore Bonaccorso at 2018-10-20T08:53:57Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,11 +13,11 @@ CVE-2018-18533
 CVE-2018-18532
 	RESERVED
 CVE-2018-18531 (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, ...)
-	TODO: check
+	NOT-FOR-US: kaptcha
 CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter because the ...)
-	TODO: check
+	NOT-FOR-US: ThinkPHP
 CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter because the ...)
-	TODO: check
+	NOT-FOR-US: ThinkPHP
 CVE-2018-18528
 	RESERVED
 CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or ...)
@@ -273,7 +273,7 @@ CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.ph
 CVE-2018-18429
 	RESERVED
 CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter ...)
 	NOT-FOR-US: s-cms
 CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by ...)
@@ -289,15 +289,15 @@ CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the .
 CVE-2018-18421
 	RESERVED
 CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered in the ...)
-	TODO: check
+	NOT-FOR-US: Zenario Content Management System
 CVE-2018-18419 (Stored XSS has been discovered in the upload section of ARDAWAN.COM ...)
-	TODO: check
+	NOT-FOR-US: ARDAWAN.COM User Management
 CVE-2018-18418
 	RESERVED
 CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been ...)
-	TODO: check
+	NOT-FOR-US: Ekushey Project Manager CRM
 CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and ...)
-	TODO: check
+	NOT-FOR-US: LANGO Codeigniter Multilingual Scrip
 CVE-2018-18415
 	RESERVED
 CVE-2018-18414
@@ -385,7 +385,7 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in ...)
 	NOT-FOR-US: Z-BlogPHP
 CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php accepts ...)
-	TODO: check
+	NOT-FOR-US: Bigtree CMS
 CVE-2018-18379
 	RESERVED
 CVE-2018-18378



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/172dabaf348fa9cfc08af5ab8029b7857025ea63

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/172dabaf348fa9cfc08af5ab8029b7857025ea63
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181020/37e5741c/attachment.html>

More information about the debian-security-tracker-commits mailing list