[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Sep 25 21:39:24 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73f6c9a3 by Moritz Muehlenhoff at 2018-09-25T20:38:53Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -913,7 +913,7 @@ CVE-2018-17109
 CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
 	NOT-FOR-US: SBIbuddy
 CVE-2018-17107 (In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in ...)
-	TODO: check
+	NOT-FOR-US: Tgstation tgstation-server
 CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
 	NOT-FOR-US: Tinyftpd
 CVE-2018-17105
@@ -1067,7 +1067,7 @@ CVE-2018-17052
 CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via ...)
 	NOT-FOR-US: K-Net Cisco Configuration Manager
 CVE-2018-17050 (The mintToken function of a smart contract implementation for PolyAi ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
 	NOT-FOR-US: CQU-LANKERS
 CVE-2018-17048
@@ -1163,11 +1163,11 @@ CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR
 CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
 	NOT-FOR-US: TP-Link
 CVE-2018-17003 (In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been ...)
-	TODO: check
+	- limesurvey <itp> (bug #472802)
 CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
 	- tiff <unfixed> (bug #908778)
 	- tiff3 <removed>
@@ -1245,7 +1245,7 @@ CVE-2018-16967
 CVE-2018-16966
 	RESERVED
 CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2018-16964
 	RESERVED
 CVE-2018-16963
@@ -1512,7 +1512,7 @@ CVE-2018-16835
 CVE-2018-16834
 	RESERVED
 CVE-2018-16833 (Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...)
 	NOT-FOR-US: xunfeng
 CVE-2018-16949 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
@@ -1580,9 +1580,9 @@ CVE-2018-16824
 CVE-2018-16823
 	RESERVED
 CVE-2018-16822 (SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2018-16821 (SeaCMS 6.64 allows arbitrary directory listing via ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory ...)
 	NOT-FOR-US: Monstra CMS
 CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion ...)
@@ -1638,7 +1638,7 @@ CVE-2018-16795
 CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...)
 	NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
 CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
-	TODO: check
+	NOT-FOR-US: Rollup 18 for Microsoft Exchange Server
 CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
 	{DSA-4294-1 DLA-1504-1}
 	[experimental] - ghostscript 9.25~dfsg-1~exp1
@@ -1660,11 +1660,11 @@ CVE-2018-16788
 CVE-2018-16787
 	RESERVED
 CVE-2018-16786 (DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-16785 (XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-16784 (DedeCMS 5.7 SP2 allows XML injection, and resultant remote code ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-16783
 	RESERVED
 CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73f6c9a3547fd6e9356a3f59f9d7b51f68cb92f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73f6c9a3547fd6e9356a3f59f9d7b51f68cb92f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180925/f03ad55e/attachment.html>


More information about the debian-security-tracker-commits mailing list