Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27695474 by Salvatore Bonaccorso at 2018-11-16T20:18:07Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via
admin.php?m=Admin&c=gifts&a=update to ...)
- TODO: check
+ NOT-FOR-US: SRCMS
CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via
admin.php?m=Admin&c=manager&a=update to ...)
- TODO: check
+ NOT-FOR-US: SRCMS
CVE-2018-19317
RESERVED
CVE-2018-19316
@@ -13,9 +13,9 @@ CVE-2018-19314
CVE-2018-19313
RESERVED
CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter
to the ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the
main.php?p=20201 ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2018-19310
RESERVED
CVE-2018-19309
@@ -1490,33 +1490,33 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted
X.509 certificate during
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection
via the ...)
- TODO: check
+ NOT-FOR-US: School Equipment Monitoring System
CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen,
related to ...)
- TODO: check
+ NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login
screen, ...)
- TODO: check
+ NOT-FOR-US: Bakeshop Inventory System
CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the
login ...)
- TODO: check
+ NOT-FOR-US: Curriculum Evaluation System
CVE-2018-18802
RESERVED
CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: BSEN Ordering software
CVE-2018-18800
RESERVED
CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via ...)
- TODO: check
+ NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18798
RESERVED
CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via ...)
- TODO: check
+ NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the
"Search for ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the
...)
- TODO: check
+ NOT-FOR-US: School Event Management System
CVE-2018-18794 (School Event Management System 1.0 allows CSRF via ...)
- TODO: check
+ NOT-FOR-US: School Event Management System
CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File
Upload via ...)
- TODO: check
+ NOT-FOR-US: School Event Management System
CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in
...)
NOT-FOR-US: zzcms
CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in
...)
@@ -1583,15 +1583,15 @@ CVE-2018-18764 (An exploitable arbitrary memory read
vulnerability exists in the
[jessie] - smplayer <not-affected> (Vulnerable code not present)
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer
builds the Chromecast support
CVE-2018-18763 (SaltOS 3.1 r8126 allows ...)
- TODO: check
+ NOT-FOR-US: SaltOS
CVE-2018-18762
RESERVED
CVE-2018-18761 (SaltOS 3.1 r8126 allows
action=login&querystring=&user=[SQL] SQL ...)
- TODO: check
+ NOT-FOR-US: SaltOS
CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: RhinOS
CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: Modbus Slave
CVE-2018-18758
RESERVED
CVE-2018-18757
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2769547420bff7bdb3d7251c3277276a4927fc30
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2769547420bff7bdb3d7251c3277276a4927fc30
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
