[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Sep 10 17:16:41 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89c22d5a by Moritz Muehlenhoff at 2018-09-10T16:16:19Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,29 +40,29 @@ CVE-2018-16774 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi
 CVE-2018-16773 (EasyCMS 1.5 allows XSS via the ...)
 	NOT-FOR-US: EasyCMS
 CVE-2018-16772 (Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered ...)
-	TODO: check
+	NOT-FOR-US: Hoosk
 CVE-2018-16771 (Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided ...)
-	TODO: check
+	NOT-FOR-US: Hoosk
 CVE-2018-16770 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16769 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16768 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16767 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16766 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16765 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16764 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly ...)
-	TODO: check
+	NOT-FOR-US: WAVM
 CVE-2018-16763 (FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2018-16762 (FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2018-16761 (Eventum before 3.4.0 has an open redirect vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Eventum
 CVE-2018-16760
 	RESERVED
 CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...)
@@ -117,13 +117,13 @@ CVE-2018-16738
 CVE-2018-16737
 	RESERVED
 CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the ...)
-	TODO: check
+	NOT-FOR-US: rcfilters plugin for Roundcube
 CVE-2018-16735
 	RESERVED
 CVE-2018-16734
 	RESERVED
 CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in ...)
-	TODO: check
+	NOT-FOR-US: Go Ethereum
 CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via ...)
 	NOT-FOR-US: CScms
 CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...)
@@ -734,7 +734,7 @@ CVE-2018-16462
 CVE-2018-16461
 	RESERVED
 CVE-2018-16460 (A command Injection in ps package versions <1.0.0 for Node.js allowed ...)
-	TODO: check
+	NOT-FOR-US: ps node module
 CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cell ...)
 	NOT-FOR-US: exceljs
 CVE-2018-1000672
@@ -13839,7 +13839,7 @@ CVE-2018-11265
 CVE-2018-11264
 	RESERVED
 CVE-2018-11263 (In all Android releases (Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with all ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11261
@@ -34101,7 +34101,7 @@ CVE-2018-4012
 CVE-2018-4011
 	RESERVED
 CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect ...)
-	TODO: check
+	NOT-FOR-US: ProtonVPN client
 CVE-2018-4009
 	RESERVED
 CVE-2018-4008
@@ -34217,7 +34217,7 @@ CVE-2018-3954
 CVE-2018-3953
 	RESERVED
 CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect ...)
-	TODO: check
+	NOT-FOR-US: NordVPN
 CVE-2018-3951
 	RESERVED
 CVE-2018-3950



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89c22d5a6688faea6c988615385b3015d1a57987

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89c22d5a6688faea6c988615385b3015d1a57987
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180910/197d8b52/attachment.html>

More information about the debian-security-tracker-commits mailing list