Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
265caabb by Salvatore Bonaccorso at 2018-11-28T08:32:02Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4433,7 +4433,7 @@ CVE-2018-18984
CVE-2018-18983
RESERVED
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application
allows ...)
- TODO: check
+ NOT-FOR-US: NUUO CMS
CVE-2018-18981
RESERVED
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before
0.8.0 ...)
@@ -7139,11 +7139,11 @@ CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA
allows text content spoofi
CVE-2018-17937
RESERVED
CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the
upload ...)
- TODO: check
+ NOT-FOR-US: NUUO CMS
CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before
00.0A use ...)
NOT-FOR-US: Telecrane
CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows
external ...)
- TODO: check
+ NOT-FOR-US: NUUO CMS
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior
versions may ...)
NOT-FOR-US: VGo Robot
CVE-2018-17932
@@ -8690,7 +8690,7 @@ CVE-2018-17258
CVE-2018-17257
RESERVED
CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco
CMS ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid
parameter. ...)
NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL
Injection via the ...)
@@ -11545,7 +11545,7 @@ CVE-2018-16132 (The image rendering component
(createGenericPreview) of the Open
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in
Lightbend Akka ...)
NOT-FOR-US: Lightbend Akka
CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3
version ...)
- TODO: check
+ NOT-FOR-US: Xiaomi Mi Router
CVE-2018-558213
REJECTED
CVE-2018-16129
@@ -14506,9 +14506,9 @@ CVE-2018-14895
CVE-2018-14894
RESERVED
CVE-2018-14893 (A system command injection vulnerability in zyshclient in
ZyXEL NSA325 ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the
web ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor
before ...)
NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a
...)
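Review bot: The summary shown for CVE-2018-14892 ("Missing protections against Cross-Site Request Forgery in the web ...") is cut off before any vendor or product is named, so the new NOT-FOR-US: ZyXEL line on that entry cannot be checked from this hunk alone. Please confirm against the full description that it concerns the same ZyXEL NSA325 product as CVE-2018-14893. As a style point, a product-level tag such as "ZyXEL NSA325" would match the product-level tag on the Vectra entry just below.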
@@ -18442,7 +18442,7 @@ CVE-2018-13378
CVE-2018-13377
RESERVED
CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS
5.6.1 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13375
RESERVED
CVE-2018-13374
@@ -18560,7 +18560,7 @@ CVE-2018-13316 (System command injection in formAliasIp
in TOTOLINK A3002RU vers
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK
A3002RU ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU
version ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13313
RESERVED
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
@@ -18574,9 +18574,9 @@ CVE-2018-13309 (Cross-site scripting in password.htm in
TOTOLINK A3002RU version
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU
version ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU
version 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of
the ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
@@ -19223,9 +19223,9 @@ CVE-2018-13025
(protected/apps/admin/controller/photoController.php in YXcms 1.4
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a
.php file, ...)
NOT-FOR-US: Metinfo
CVE-2018-13023 (System command injection vulnerability in wifi_access in
Xiaomi Mi ...)
- TODO: check
+ NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on
Xiaomi Mi ...)
- TODO: check
+ NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an
Arbitrary Script ...)
NOT-FOR-US: HongCMS
CVE-2018-13020
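Review bot: In both changed entries, CVE-2018-13023 and CVE-2018-13022, the truncated summary stops at "Xiaomi Mi ...", so the "Router" part of NOT-FOR-US: Xiaomi Mi Router is not confirmed by the lines shown here. It is worth checking that the full descriptions name the Mi Router, as the CVE-2018-16130 summary earlier in this commit does, before the TODO is closed out.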
@@ -21568,7 +21568,7 @@ CVE-2018-12243 (The Symantec Messaging Gateway product
prior to 10.6.6 may be ..
CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be
...)
NOT-FOR-US: Symantec
CVE-2018-12241 (The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI
is ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be
susceptible ...)
NOT-FOR-US: Norton
CVE-2018-12239
@@ -32749,13 +32749,13 @@ CVE-2018-7963
CVE-2018-7962
RESERVED
CVE-2018-7961 (There is a smart SMS verification code vulnerability in some
Huawei ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace
product. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An
...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability
in ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00)
have an ...)
NOT-FOR-US: Huawei
CVE-2018-7956
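Review bot: For CVE-2018-7958 the summary shown ("There is an anonymous TLS cipher suites supported vulnerability in ...") ends before any product is named, so the Huawei tag on that entry rests on the full description rather than on this hunk; please confirm it. CVE-2018-7960 and CVE-2018-7959 both name the Huawei eSpace product, so "NOT-FOR-US: Huawei eSpace" would be a more searchable tag for those two, although the bare vendor tag does match the existing CVE-2018-7957 entry.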
@@ -32779,7 +32779,7 @@ CVE-2018-7948
CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A
...)
NOT-FOR-US: Huawei
CVE-2018-7946 (There is an information leak vulnerability in some Huawei
smartphones. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7945
RESERVED
CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00)
and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/265caabbf77cb806d6e14a4b1e82310e6ccda02b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits