Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
48c38fdb by Moritz Muehlenhoff at 2018-11-27T18:28:42Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2041,7 +2041,8 @@ CVE-2018-19589
CVE-2018-19588
RESERVED
CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c
...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version
and disabled since 18.5.0~ds1-1
CVE-2018-19586
RESERVED
CVE-2018-19585
@@ -2719,7 +2720,7 @@ CVE-2018-19550 (Interspire Email Marketer through 6.1.6
allows arbitrary file up
CVE-2018-19549 (Interspire Email Marketer through 6.1.6 has SQL Injection via
a tagids ...)
NOT-FOR-US: Interspire Email Marketer
CVE-2018-19548 (index.php?r=site%2Flogin in EduSec through 4.2.6 does not
restrict ...)
- TODO: check
+ NOT-FOR-US: EduSec
CVE-2018-19547 (JTBC(PHP) 3.0.1.7 has XSS via the ...)
NOT-FOR-US: JTBC(PHP)
CVE-2018-19546 (JTBC(PHP) 3.0.1.7 has CSRF via the ...)
@@ -4797,7 +4798,7 @@ CVE-2018-18809
CVE-2018-18808
RESERVED
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO
...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2017-18350
RESERVED
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of
service ...)
@@ -18513,25 +18514,25 @@ CVE-2018-13319 (Incorrect access control in
get_portal_info in Buffalo TS5600D12
CVE-2018-13318 (System command injection in User.create method in Buffalo
TS5600D1206 ...)
NOT-FOR-US: Buffalo
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13316
RESERVED
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK
A3002RU ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13314
RESERVED
CVE-2018-13313
RESERVED
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13310 (Cross-site scripting in password.htm in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13307
RESERVED
CVE-2018-13306
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/48c38fdb0d0780bd7b84323a054c30503971bd0f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/48c38fdb0d0780bd7b84323a054c30503971bd0f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
