[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 6 14:55:51 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fde4232 by Moritz Muehlenhoff at 2018-09-06T13:19:06Z
NFUs
- - - - -
0a8fdcdd by Moritz Muehlenhoff at 2018-09-06T13:55:35Z
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2018-16554
CVE-2018-16553
RESERVED
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...)
- TODO: check
+ NOT-FOR-US: MicroPyramid Django-CRM
CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
NOT-FOR-US: LavaLite
CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the ...)
@@ -16,9 +16,9 @@ CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a m
CVE-2018-16547
RESERVED
CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key across ...)
- TODO: check
+ NOT-FOR-US: Amcrest
CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager ...)
- TODO: check
+ NOT-FOR-US: Kaizen Asset Manager
CVE-2018-16544
RESERVED
CVE-2018-16538
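Review bot: the new label on CVE-2018-16545 names only Kaizen Asset Manager, while the description on the same entry covers "Kaizen Asset Manager (Enterprise Edition) and Training Manager". Naming both products in the NOT-FOR-US line would let a later search for Training Manager find this triage decision. The Amcrest entry above it uses a vendor-only label, which is fine as long as that is the intended convention for device vendors.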
@@ -56,17 +56,17 @@ CVE-2018-16523
CVE-2018-16522
RESERVED
CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2018-16520
RESERVED
CVE-2018-16519
RESERVED
CVE-2018-16518 (A directory traversal vulnerability with remote code execution in ...)
- TODO: check
+ NOT-FOR-US: Prim'X Zed! FREE
CVE-2018-16517
RESERVED
CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
- TODO: check
+ - python-flask-admin <itp> (bug #765509)
CVE-2018-16514
RESERVED
CVE-2018-XXXX [Interger overflow while running jhead]
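Review bot: on CVE-2018-16521 the label reads "NOT-FOR-US: OpenMRS", but the visible description names only "HTML Form Entry", so the link between the two is not evident from the entry itself. Something like "NOT-FOR-US: OpenMRS HTML Form Entry module" would make it searchable under either name. Separately, CVE-2018-16516 in this hunk is resolved as "- python-flask-admin <itp> (bug #765509)" rather than as NOT-FOR-US, which the commit subject "NFUs" does not reflect; a subject mentioning the ITP entry would make the history easier to search.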
@@ -183,7 +183,7 @@ CVE-2018-1000672
CVE-2018-1000662
REJECTED
CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGateway ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti
CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
NOT-FOR-US: baigo CMS
CVE-2018-16457
@@ -457,7 +457,7 @@ CVE-2018-16363
CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
NOT-FOR-US: Mantis plugin
CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-16360
RESERVED
CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits ...)
@@ -586,7 +586,7 @@ CVE-2018-16309
CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2018-16306
RESERVED
CVE-2018-16305
@@ -697,7 +697,7 @@ CVE-2018-16254
CVE-2018-16253
RESERVED
CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML ...)
- TODO: check
+ NOT-FOR-US: FsPro Labs Event Log Explorer
CVE-2018-16251
RESERVED
CVE-2018-16250
@@ -925,15 +925,15 @@ CVE-2018-16150
CVE-2018-16149
RESERVED
CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor
CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor
CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor
CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor
CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor
CVE-2018-16143
RESERVED
CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...)
@@ -1449,9 +1449,9 @@ CVE-2018-15921
CVE-2018-15920
RESERVED
CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) ...)
- TODO: check
+ NOT-FOR-US: Jorani
CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow ...)
- TODO: check
+ NOT-FOR-US: Jorani
CVE-2018-15916
RESERVED
CVE-2018-15915
@@ -2057,23 +2057,23 @@ CVE-2018-15686
CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain ...)
- electron <itp> (bug #842420)
CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The "returnto" parameter of ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using String.replace and ...)
- TODO: check
+ NOT-FOR-US: BTITeam XBTIT
CVE-2018-15675
RESERVED
CVE-2018-15674
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7f2621a894db8bc79f549d4909b8190d43104701...0a8fdcdd8aa8e6134ba651bf08b792040aa23e46