[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Sep 17 11:00:19 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
187ca63b by Moritz Muehlenhoff at 2018-09-17T09:59:46Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
- TODO: check
+ NOT-FOR-US: UltimatePOS
CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 ...)
- TODO: check
+ NOT-FOR-US: Prezi Next
CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2018-17135
RESERVED
CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by ...)
- TODO: check
+ NOT-FOR-US: CScms
CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...)
- TODO: check
+ NOT-FOR-US: CScms
CVE-2018-17124
RESERVED
CVE-2018-17123
@@ -53,29 +53,29 @@ CVE-2018-17115
CVE-2018-17114
RESERVED
CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf ...)
- TODO: check
+ NOT-FOR-US: EasyCMS
CVE-2018-17112
RESERVED
CVE-2018-17111
RESERVED
CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ ...)
- TODO: check
+ NOT-FOR-US: Simple POS
CVE-2018-17109
RESERVED
CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
- TODO: check
+ NOT-FOR-US: SBIbuddy
CVE-2018-17107
RESERVED
CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
- TODO: check
+ NOT-FOR-US: Tinyftpd
CVE-2018-17105
RESERVED
CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
- TODO: check
+ NOT-FOR-US: QuickAppsCMS
CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
- tiff <unfixed>
- tiff3 <removed>
@@ -101,23 +101,23 @@ CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...)
TODO: check
CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
- TODO: check
+ - xar <removed>
CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
- TODO: check
+ - xar <removed>
CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in ...)
- TODO: check
+ NOT-FOR-US: DonLinkage
CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: DonLinkage
CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules ...)
- TODO: check
+ NOT-FOR-US: DonLinkage
CVE-2018-17089
RESERVED
CVE-2018-17087
RESERVED
CVE-2018-17086 (An issue was discovered in OTCMS 3.61. XSS exists in ...)
- TODO: check
+ NOT-FOR-US: OTCMS
CVE-2018-17085 (An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php ...)
- TODO: check
+ NOT-FOR-US: OTCMS
CVE-2018-17084
RESERVED
CVE-2018-17083
@@ -173,7 +173,7 @@ CVE-2018-17064 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A
CVE-2018-17063 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
NOT-FOR-US: D-Link
CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2018-17061 (BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, and Yahoo! ...)
NOT-FOR-US: BullGuard Safe Browsing
CVE-2018-17060
@@ -330,7 +330,7 @@ CVE-2018-16989
CVE-2018-16988
RESERVED
CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...)
- TODO: check
+ NOT-FOR-US: Squash TM
CVE-2018-16986
RESERVED
CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/187ca63bed4bf48abfb0c4b14f52175d4fc55f87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/187ca63bed4bf48abfb0c4b14f52175d4fc55f87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180917/10fe101e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list